CISMP-V9 実際試験問題と解答 - 模擬練習 - 受験自信を増やす

Question No : 1
Which security framework impacts on organisations that accept credit cards, process credit card transactions, store relevant data or transmitcredit card data?

A.PCI DS
B.TOGA
C.ENISA NI
D.Sarbanes-Oxiey

正解:
Explanation:
https://digitalguardian.com/blog/what-pci-compliance

Question No : 2
Which of the following types of organisation could be considered the MOST at risk from the theft of electronic based credit card data?

A.Online retailer.
B.Traditional market trader.
C.Mail delivery business.
D.Agricultural producer.

正解:

Question No : 3
One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.
What system from the following does NOT natively support syslog events?

A.Enterprise Wireless Access Point.
B.Windows Desktop Systems.
C.Linux Web Server Appliances.
D.Enterprise Stateful Firewall.

正解:

Question No : 4
When considering the disposal of confidential data, equipment and storage devices, what social engineering technique SHOULD always betaken into consideration?

A.Spear Phishing.
B.Shoulder Surfing.
C.Dumpster Diving.
D.Tailgating.

正解:

Question No : 5
Which of the following testing methodologies TYPICALLY involves code analysis in an offline environment without ever actually executing the code?

A.Dynamic Testing.
B.Static Testing.
C.User Testing.
D.Penetration Testing.

正解:

Question No : 6
Which of the following is MOST LIKELY to be described as a consequential loss?

A.Reputation damage.
B.Monetary theft.
C.Service disruption.
D.Processing errors.

正解:

Question No : 7
Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?

A.Public.
B.Private.
C.Hybrid.
D.Community

正解:

Question No : 8
What form of risk assessment is MOST LIKELY to provide objective support for a security Return on Investment case?

A.ISO/IEC 27001.
B.Qualitative.
C.CPN
D.Quantitative

正解:

Question No : 9
Which of the following controls would be the MOST relevant and effective in detecting zero
day attacks?

A.Strong OS patch management
B.Vulnerability assessment
C.Signature-based intrusion detection.
D.Anomaly based intrusion detection.

正解:
Explanation:
https://www.sciencedirect.com/topics/computer-science/zero-day-attack

Question No : 10
Data Protection & Privacy.

A.1, 2 and 3
B.3, 4 and 5
C.2, 3 and 4
D.1, 2 and 5

正解:

Question No : 11
Which security concept provides redundancy in the event a security control failure or the exploitation of a vulnerability?

A.System Integrity.
B.Sandboxing.
C.Intrusion Prevention System.
D.Defence in depth.

正解:
Explanation:
https://en.wikipedia.org/wiki/Defense_in_depth_(computing)

Question No : 12
Which term describes a vulnerability that is unknown and therefore has no mitigating control which is immediately and generally available?

A.Advanced Persistent Threat.
B.Trojan.
C.Stealthware.
D.Zero-day.

正解:
Explanation:
https://en.wikipedia.org/wiki/Zero-day_(computing)

Question No : 13
In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?

A.The 'need to knownprinciple.
B.Verification of visitor's ID
C.Appropriate behaviours.
D.Access denial measures

正解:

Question No : 14
What Is the PRIMARY reason for organisations obtaining outsourced managed security services?

A.Managed security services permit organisations to absolve themselves of responsibility for security.
B.Managed security services are a de facto requirement for certification to core security standards such as ISG/IEC 27001
C.Managed security services provide access to specialist security tools and expertiseon a shared, cost-effective basis.
D.Managed security services are a powerful defence against litigation in the event of a security breach or incident

正解:

Question No : 15
Which of the following is NOT considered to be a form of computer misuse?

A.Illegal retention of personal data.
B.Illegal interception of information.
C.Illegal access to computer systems.
D.Downloading of pirated software.

正解:

BCS CISMP-V9 問題練習